author | Matthew Thode <prometheanfire@gentoo.org> | 2015-03-09 01:28:07 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2015-03-09 01:28:07 +0000 |
commit | 5772eebb7aa902a675e792ccb24c62b4ae63a405 (patch) | |
tree | e4f2be340fdea35e07b1108ea75b0f01b33755ab /app-admin/glance | |
parent | fixing bug 541348 and some major cleanup (diff) | |
fixing CVE-2014-9684 bug 540678
(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0x33ED3FD25AFC78BA)
Diffstat (limited to 'app-admin/glance')
-rw-r--r-- | app-admin/glance/ChangeLog | 9 | ||||
-rw-r--r-- | app-admin/glance/files/2014.2.2-CVE-2015-1881.patch | 93 | ||||
-rw-r--r-- | app-admin/glance/glance-2014.2.2-r1.ebuild (renamed from app-admin/glance/glance-2014.2.2.ebuild) | 3 |
3 files changed, 103 insertions, 2 deletions
diff --git a/app-admin/glance/ChangeLog b/app-admin/glance/ChangeLog index a75e5352ed94..d1691f06d057 100644 --- a/app-admin/glance/ChangeLog +++ b/app-admin/glance/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-admin/glance # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.59 2015/02/08 01:51:56 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.60 2015/03/09 01:28:07 prometheanfire Exp $ + +*glance-2014.2.2-r1 (09 Mar 2015) + + 09 Mar 2015; Matthew Thode <prometheanfire@gentoo.org> + +files/2014.2.2-CVE-2015-1881.patch, +glance-2014.2.2-r1.ebuild, + -glance-2014.2.2.ebuild: + fixing CVE-2014-9684 bug 540678 *glance-2014.2.2 (08 Feb 2015) diff --git a/app-admin/glance/files/2014.2.2-CVE-2015-1881.patch b/app-admin/glance/files/2014.2.2-CVE-2015-1881.patch new file mode 100644 index 000000000000..f7c40b3c863b --- /dev/null +++ b/app-admin/glance/files/2014.2.2-CVE-2015-1881.patch 
@@ -0,0 +1,93 @@ +From 25a722e614eacc47e4658f0bca6343fa52f7d03f Mon Sep 17 00:00:00 2001 +From: abhishekkekane <abhishek.kekane@nttdata.com> +Date: Thu, 12 Feb 2015 04:09:14 -0800 +Subject: [PATCH] Image data remains in backend for deleted image + +Trying to delete image created using task api (import-from) image gets +deleted from the database, but image data remains in the backend. Import +task does not update the location of the image and it remains None even +image becomes active. Location entry is not added in the database in +image_locations table. + +Added location information to the image before saving the image in +the database. + +SecurityImpact + +Conflicts: + glance/common/scripts/image_import/main.py + +Change-Id: Ie389de6538a9b98dc51c7d781b81b3ab10b83842 +Closes-Bug: #1420696 +(cherry picked from commit 78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb) +--- + glance/common/scripts/image_import/main.py | 30 +++++++++++----------- + .../unit/common/scripts/image_import/test_main.py | 3 ++- + 2 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/glance/common/scripts/image_import/main.py b/glance/common/scripts/image_import/main.py +index 24dd52b..72c992e 100644 +--- a/glance/common/scripts/image_import/main.py ++++ b/glance/common/scripts/image_import/main.py +@@ -84,29 +84,29 @@ def import_image(image_repo, image_factory, task_input, task_id, uri): + # NOTE: set image status to saving just before setting data + original_image.status = 'saving' + image_repo.save(original_image) +- set_image_data(original_image, uri, None) +- +- # NOTE: Check if the Image is not deleted after setting the data +- # before setting it's status to active. We need to set the status +- # explicitly here using the Image object returned from image_repo .The +- # Image object returned from create_image method does not have appropriate +- # factories wrapped around it. 
+ image_id = original_image.image_id ++ ++ # NOTE: Retrieving image from the database because the Image object ++ # returned from create_image method does not have appropriate factories ++ # wrapped around it. + new_image = image_repo.get(image_id) +- if new_image.status in ['saving']: +- new_image.status = 'active' +- new_image.size = original_image.size +- new_image.virtual_size = original_image.virtual_size +- new_image.checksum = original_image.checksum ++ set_image_data(new_image, uri, None) ++ ++ # NOTE: Check if the Image is not deleted after setting the data ++ # before saving the active image. Here if image status is ++ # saving, then new_image is saved as it contains updated location, ++ # size, virtual_size and checksum information and the status of ++ # new_image is already set to active in set_image_data() call. ++ image = image_repo.get(image_id) ++ if image.status == 'saving': ++ image_repo.save(new_image) ++ return image_id + else: + msg = _LE("The Image %(image_id)s object being created by this task " + "%(task_id)s, is no longer in valid status for further " + "processing." 
% {"image_id": new_image.image_id, + "task_id": task_id}) + raise exception.Conflict(msg) +- image_repo.save(new_image) +- +- return image_id + + + def create_image(image_repo, image_factory, image_properties, task_id): +diff --git a/glance/tests/unit/common/scripts/image_import/test_main.py b/glance/tests/unit/common/scripts/image_import/test_main.py +index 27f502b..a81a66c 100644 +--- a/glance/tests/unit/common/scripts/image_import/test_main.py ++++ b/glance/tests/unit/common/scripts/image_import/test_main.py +@@ -56,7 +56,8 @@ class TestImageImport(test_utils.BaseTestCase): + image_id, + image_import_script.import_image(image_repo, image_factory, + task_input, None, uri)) +- self.assertEqual('active', image.status) ++ # Check image is in saving state before image_repo.save called ++ self.assertEqual('saving', image.status) + self.assertTrue(image_repo.save.called) + mock_set_img_data.assert_called_once_with(image, uri, None) + self.assertTrue(image_repo.get.called) +-- +2.0.5 + diff --git a/app-admin/glance/glance-2014.2.2.ebuild b/app-admin/glance/glance-2014.2.2-r1.ebuild index 28140ce6e116..5a5d7877b6e1 100644 --- a/app-admin/glance/glance-2014.2.2.ebuild +++ b/app-admin/glance/glance-2014.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.2.2.ebuild,v 1.1 2015/02/08 01:51:56 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.2.2-r1.ebuild,v 1.1 2015/03/09 01:28:07 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -112,6 +112,7 @@ RDEPEND=" PATCHES=( "${FILESDIR}/${PN}-2013.2-sphinx_mapping.patch" + "${FILESDIR}/2014.2.2-CVE-2015-1881.patch" ) pkg_setup() { |
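Review bot: The `else` branch of the rewritten `import_image` raises `exception.Conflict` after `set_image_data(new_image, uri, None)` has already stored the data, and nothing in the visible lines removes that data or saves the location set on `new_image`. An image that leaves the `saving` state while the import runs would therefore appear to keep its backend data with no database record pointing to it, the same kind of leak this patch closes for the normal path. The status check on `image_repo.get(image_id)` and the following `image_repo.save(new_image)` are also separate steps, so a delete that lands between them is not detected. I would clean up the stored data before raising, or at least mark the gap with `# NOTE: data stored by set_image_data() is not removed on this path`, and add a test for the non-`saving` path since the test hunk only asserts `image_repo.save.called`. `import_image` starts above the embedded hunk, so earlier handling is not visible here.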
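Review bot: The added `PATCHES` entry `"${FILESDIR}/2014.2.2-CVE-2015-1881.patch"` names CVE-2015-1881, while the commit message and the ChangeLog entry both say CVE-2014-9684, so the record does not say unambiguously which advisory this revision addresses. Anyone matching installed revisions against an advisory will look for one identifier and may miss the other; a comment above the entry such as `# CVE-2015-1881, Gentoo bug 540678 (upstream bug 1420696)` would tie the file to its tracking entries. The entry also drops the `${PN}-` prefix that the existing sphinx_mapping patch uses, so `"${FILESDIR}/${PN}-2014.2.2-CVE-2015-1881.patch"` with the file renamed to match would keep the naming consistent. The hunk shows only the `PATCHES` array; the code that applies it lies outside the hunk.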